VDB

GCVE-110-OSM-2026-2274

GCVE-110-OSM-2026-2274
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published January 9, 2026
Glassworm threat actor steganographic attack using hidden Unicode variation selectors embedded in server.js. Uses invisible Unicode characters to hide malicious payloads that execute when the file is loaded. Campaign targets supply-chain via compromised repositories. Malicious payload found in: server.js Attack vector: Glassworm steganographic attack using hidden Unicode variation selectors Decoder signature: 0xFE00&&w<=0xFE0F?w-0xFE00:w>=0xE0100&&w<=0xE01EF (extracts hidden commands from variation selector ranges) Behavior: Embedded JavaScript extracts malicious payloads encoded as Unicode variation selectors (U+FE00-U+FE0F, U+E0100-U+E01EF) that are invisible to human code reviewers but decoded and executed at runtime. Typically used for cryptocurrency theft and credential exfiltration.

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknownall (affected)

References

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›